Lucene search
K
MageiaRecent

6009 matches found

Mageia
Mageia
•added 2014/01/31 4:43 p.m.•41 views

Updated drupal package fixes security vulnerabilities

Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts CVE-2014-1475. Matt Vance and Damien Tournoud reported an access bypass vulnerability in the...

7.5CVSS6.3AI score0.01526EPSS
Exploits0References3
Mageia
Mageia
•added 2014/01/31 4:42 p.m.•40 views

Updated libmicrohttpd package fixes security vulnerabilities

The MHDhttpunescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service crash via unspecified vectors that trigger an out-of-bounds read CVE-2013-7038. Stack-based buffer overflow in the MHDdigestauthcheck function in...

6.4CVSS6.6AI score0.03277EPSS
Exploits0References3
Mageia
Mageia
•added 2014/01/24 9:5 p.m.•35 views

Updated flash-player-plugin fixes security vulnerabilities

Adobe Flash Player 11.2.202.335 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves a vulnerability that could be used to bypass Flas...

10CVSS6.5AI score0.07117EPSS
Exploits0References2
Mageia
Mageia
•added 2014/01/24 9:4 p.m.•36 views

Updated python-jinja2 package fixes two security vulnerabilities

Updated python-jinja2 packages fix security vulnerability: Jinja2, a template engine written in pure python, was found to use /tmp as a default directory for jinja2.bccache.FileSystemBytecodeCache, which is insecure because the /tmp directory is world-writable and the filenames used like...

4.4CVSS7.2AI score0.00373EPSS
Exploits0References5
Mageia
Mageia
•added 2014/01/24 9:2 p.m.•32 views

Updated graphviz packages fix security vulnerabilities

Updated graphviz packages fix security vulnerabilities: Multiple buffer overflow vulnerabilities in graphviz due to an error within the "yyerror" function lib/cgraph/scan.l which can be exploited to cause a stack-based buffer overflow via a specially crafted file CVE-2014-0978 and the acceptance ...

10CVSS7.9AI score0.06082EPSS
Exploits2References3
Mageia
Mageia
•added 2014/01/24 9:1 p.m.•42 views

Updated lightdm-gtk-greeter fixes CVE-2014-0979

Updated lightdm-gtk-greeter package fixes security vulnerability: lightdm-gtk-greeter uses the lightdm-gobject API incorrectly and does not handle lightdmgreetergetauthenticationuser returning NULL when the username of the previous authentication is invalid resulting in a NULL pointer dereference...

2.1CVSS6.2AI score0.0041EPSS
Exploits0References3
Mageia
Mageia
•added 2014/01/24 8:59 p.m.•28 views

Updated perl-Proc-Daemon package fixes CVE-2013-7135

Updated perl-Proc-Daemon package fixes security vulnerability: It was reported that perl-Proc-Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with mode 666, allowing any user on the system to overwrite it CVE-2013-7135...

7.2CVSS2.4AI score0.00379EPSS
Exploits0References2
Mageia
Mageia
•added 2014/01/21 4:23 p.m.•37 views

Updated nss packages fix security vulnerability

Updated nss packages fix security vulnerability: The sslDo1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services NSS before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509...

5.8CVSS3.8AI score0.01929EPSS
Exploits1References2
Mageia
Mageia
•added 2014/01/21 4:22 p.m.•61 views

Updated java-1.7.0-openjdk package fixes multiple security vulnerabilities

Updated java-1.7.0-openjdk packages fix security vulnerabilities: An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could...

10CVSS6.3AI score0.08383EPSS
Exploits1References4
Mageia
Mageia
•added 2014/01/21 4:20 p.m.•38 views

Updated spice packages fix a security vulnerability

Updated spice packages fix security vulnerability: A stack-based buffer overflow flaw was found in the way the redshandleticket function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting...

5CVSS2.3AI score0.0273EPSS
Exploits2References2
Mageia
Mageia
•added 2014/01/21 4:19 p.m.•58 views

Updated cups packages fix a security vulverability

Updated cups packages fix security vulnerability: Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions CVE-2013-6891...

1.2CVSS1.1AI score0.00446EPSS
Exploits1References3
Mageia
Mageia
•added 2014/01/21 4:17 p.m.•31 views

Updated libxfont packages fix security vulnerability

Updated libxfont packages fix security vulnerability: It was discovered that a buffer overflow in the processing of Glyph Bitmap Distribution fonts BDF could result in the execution of arbitrary code CVE-2013-6462...

9.3CVSS3.7AI score0.10254EPSS
Exploits1References3
Mageia
Mageia
•added 2014/01/21 4:16 p.m.•45 views

Updated net-snmp packages fix CVE-2012-6151

Updated net-snmp packages fix security vulnerability: Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service crash or infinite loop, CPU consumption, and hang by causing the AgentX subagent to...

4.3CVSS1.1AI score0.09451EPSS
Exploits1References4
Mageia
Mageia
•added 2014/01/21 4:14 p.m.•39 views

Updated memcached package fixes multiple security vulnerabilities

Updated memcached packages fix security vulnerability: It was reported that SASL authentication could be bypassed due to a flaw related to the managment of the SASL authentication state. With a specially crafted request, a remote attacker may be able to authenticate with invalid SASL credentials...

4.8CVSS3.6AI score0.01498EPSS
Exploits3References2
Mageia
Mageia
•added 2014/01/21 4:12 p.m.•40 views

Updated ruby-i18n package fixes security vulnerability

Cross-site scripting XSS vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call CVE-2013-4492...

4.3CVSS5.2AI score0.02231EPSS
Exploits0References2
Mageia
Mageia
•added 2014/01/21 4:8 p.m.•42 views

Updated x11-server package fixes security vulnerability

Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code CVE-2013-6424...

5CVSS4.5AI score0.02879EPSS
Exploits0References2
Mageia
Mageia
•added 2014/01/21 4:6 p.m.•33 views

Updated zabbix packages fix two security vulnerabilities

Updated zabbix packages fixes security vulnerability: This update multiples vulnerabilities. - Fix vulnerability for remote command execution injection ZBX-7479, CVE-2013-6824 - Fix SQL injection vulnerability ZBX-7091, CVE-2013-5743 - Fix XSS issues ZBX-6952...

9.8CVSS2AI score0.79988EPSS
Exploits10References7
Mageia
Mageia
•added 2014/01/21 4:4 p.m.•19 views

Updated elinks package fixes a security vulnerability

Updated elinks package fixes security vulnerability: When verifying SSL certificates, elinks fails to warn the user if the hostname of the certificate does not match the hostname of the website. The elinks package has been updated to version 0.12-pre6 and patched to fix this issue...

2.3AI score
Exploits0References2
Mageia
Mageia
•added 2014/01/17 12:39 a.m.•38 views

Updated bind package fixes security vulnerability

Updated bind packages fix security vulnerability: Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. By exploiting this defect an attacker deliberately constructing a query with t...

2.6CVSS7.4AI score0.31671EPSS
Exploits1References3
Mageia
Mageia
•added 2014/01/17 12:33 a.m.•45 views

Updated openssl package fixes security vulnerabilities

Updated openssl packages fix security vulnerabilities: The DTLS retransmission implementation in OpenSSL through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by...

5.8CVSS1.4AI score0.14542EPSS
Exploits1References4
Mageia
Mageia
•added 2014/01/17 12:24 a.m.•39 views

Updated dcraw and ufraw package fix security vulnerability

Due to flaws in the embedded copy of LibRaw in dcraw and ufraw, corrupt input files might trigger a division by zero, an infinite loop, or a null pointer dereference CVE-2013-1438. The dcraw and ufraw packages have been updated to their newest versions and patched to fix the flaws in the embedded...

4.3CVSS1.3AI score0.02059EPSS
Exploits0References3
Mageia
Mageia
•added 2014/01/17 12:22 a.m.•34 views

Updated nagios package fixes security vulnerability

A flaw was reported and fixed in Nagios, which can be exploited to cause a denial of service. This vulnerability is caused due to an off-by-one error within the processcgivars function, which can be exploited to cause an out-of-bounds read by sending a specially-crafted key value to the Nagios we...

6.4CVSS2.6AI score0.59546EPSS
Exploits0References4
Mageia
Mageia
•added 2014/01/17 12:20 a.m.•33 views

Updated qt4 package fixes security vulnerability

It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service CVE-2013-4549...

5CVSS2.7AI score0.03105EPSS
Exploits0References3
Mageia
Mageia
•added 2014/01/06 1:23 a.m.•41 views

Updated openssl package fixes security vulnerability

A flaw was reported for OpenSSL 1.0.1e, that can cause application using OpenSSL to crash when using TLS version 1.2 CVE-2013-6449. Also, a NULL pointer reference issue has been fixed in SSLgetcertificate mga11549...

4.3CVSS3.1AI score0.21174EPSS
Exploits0References3
Mageia
Mageia
•added 2014/01/06 1:20 a.m.•57 views

Updated nodejs package fixes security vulnerabilities

A denial of service flaw was found in the way Node.js handled pipelined HTTP requests. A remote attacker could use this flaw to send an excessive amount of HTTP requests over a network connection, causing Node.js to use an excessive amount of memory and possibly exit when all available memory is...

7.5CVSS0.8AI score0.3722EPSS
Exploits3References4
Mageia
Mageia
•added 2014/01/06 1:17 a.m.•48 views

Updated firefox and thunderbird packages fix security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox or Thunderbird CVE-2013-5609,...

10CVSS4.4AI score0.11076EPSS
Exploits7References12
Mageia
Mageia
•added 2014/01/06 1:10 a.m.•45 views

Updated openjpeg package fixes security vulnerabilities

Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly, execute arbitrary code with the privileges of the user running the application...

7.5CVSS3.8AI score0.05515EPSS
Exploits0References3
Mageia
Mageia
•added 2014/01/06 1:8 a.m.•25 views

Updated librsvg and gtk+3.0 packages fix security vulnerability

librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference CVE-2013-1881. gtk+3.0 has been patched to cope with the changes in SVG loading due to the fix in librsvg...

4.3CVSS5.3AI score0.03197EPSS
Exploits0References2
Mageia
Mageia
•added 2014/01/06 1:2 a.m.•44 views

Updated ruby package fixes security vulnerability

Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitra...

6.8CVSS4.3AI score0.34968EPSS
Exploits3References4
Mageia
Mageia
•added 2014/01/06 12:52 a.m.•36 views

Updated xml-security package fixes security vulnerability

James Forshaw discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters. An attacker could use this flaw to spoof XML signatures CVE-2013-2172...

4.3CVSS3.2AI score0.0593EPSS
Exploits1References2
Mageia
Mageia
•added 2014/01/06 12:49 a.m.•37 views

Updated cxf, wss4j, and jacorb packages fix security vulnerability

Multiple denial of service flaws were found in the way StAX parser implementation of Apache CXF, an open-source web services framework, performed processing of certain XML files. If a web service application utilized the services of the StAX parser, a remote attacker could provide a...

5CVSS3.5AI score0.32259EPSS
Exploits6References5
Mageia
Mageia
•added 2013/12/23 5:20 p.m.•30 views

Updated libkdcraw packages fix CVE-2013-1438 & CVE-2013-1439

Updated libkdcraw packages fix libraw security vulnerabilities: It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against LibRaw could be made to crash, resulting in a denia...

4.3CVSS1.4AI score0.02059EPSS
Exploits1References2
Mageia
Mageia
•added 2013/12/23 5:15 p.m.•38 views

Updated asterisk packages fix CVE-2013-7100

Updated asterisk packages fix security vulnerability: Buffer overflow in the unpacksms16 function in apps/appsms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified...

5CVSS5.5AI score0.14715EPSS
Exploits1References4
Mageia
Mageia
•added 2013/12/23 5:10 p.m.•49 views

Updated chromium-browser-stable fixes multiple vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Pinkie Pie discovered multiple memory corruption issues CVE-2013-6632. Andrey Labunets discovered that the wrong URL was used during validation in the one-click sign on helper CVE-2013-6634. cloudfuzzer discovered use-after-fr...

9.3CVSS0.8AI score0.0609EPSS
Exploits0References5
Mageia
Mageia
•added 2013/12/20 5:29 p.m.•41 views

Updated gnupg package fixes CVE-2013-4576

Updated gnupg package fixes security vulnerability: Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts CVE-2013-4576...

2.1CVSS3.2AI score0.00451EPSS
Exploits0References3
Mageia
Mageia
•added 2013/12/20 5:27 p.m.•38 views

Updated apache-mod_nss package fixes CVE-2013-4566

Updated apache-modnss package fixes security vulnerability: A flaw was found in the way modnss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, modnss...

4CVSS2.3AI score0.02003EPSS
Exploits0References2
Mageia
Mageia
•added 2013/12/19 9:10 p.m.•34 views

Updated wireshark packages fix two security vulnerabilities

Updated wireshark packages fix security vulnerabilities: The SIP dissector could go into an infinite loop CVE-2013-7112. The NTLMSSP v2 dissector could crash CVE-2013-7114...

5CVSS1.8AI score0.02307EPSS
Exploits1References5
Mageia
Mageia
•added 2013/12/19 9:8 p.m.•68 views

Updated php packages fix multiple security vulnerabilities

Updated php packages fix security vulnerabilities: Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2013-6420. It was discovered that PHP...

7.5CVSS1.8AI score0.35635EPSS
Exploits8References3
Mageia
Mageia
•added 2013/12/19 9:6 p.m.•36 views

Updated munin packages fixes two security vulnerabilities

Updated munin packages fix security vulnerabilities: The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master CVE-2013-6048. A...

5CVSS1.2AI score0.02502EPSS
Exploits0References2
Mageia
Mageia
•added 2013/12/18 10:57 p.m.•52 views

Updated fcron package fixes security vulnerability and init script

fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file CVE-2010-0792. An error in the init script as also been corrected...

1.9CVSS4.9AI score0.00351EPSS
Exploits0References2
Mageia
Mageia
•added 2013/12/17 11:36 p.m.•18 views

Updated python3 and related packages fix security vulnerabilities and prevent an error

Changed behavior of ssl.matchhostname to follow RFC 6125 Also python-virtualenv has had incdir settings altered to avoid "include nested too deeply" error mga11283...

2.2AI score
Exploits0References5
Mageia
Mageia
•added 2013/12/17 11:30 p.m.•51 views

Updated kernel-vserver packages fix security vulnerabilities

This kernel-vserver update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary...

7.8CVSS3.7AI score0.09408EPSS
Exploits17References27
Mageia
Mageia
•added 2013/12/17 11:27 p.m.•49 views

Updated kernel-rt packages fix security vulnerabilities

This kernel-rt update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary addresse...

7.8CVSS3.7AI score0.09408EPSS
Exploits17References27
Mageia
Mageia
•added 2013/12/17 11:24 p.m.•73 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary...

7.8CVSS3.7AI score0.09408EPSS
Exploits17References27
Mageia
Mageia
•added 2013/12/17 11:19 p.m.•53 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary...

7.8CVSS3.9AI score0.09408EPSS
Exploits11References27
Mageia
Mageia
•added 2013/12/17 10:38 p.m.•59 views

Updated kernel and related packages fix security vulnerabilities

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.24 and fixes the following security issues: The ipv6createtempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.10 does not properly handle problems with the generation of IPv6 temporary addresses,...

7.8CVSS3.7AI score0.09408EPSS
Exploits17References27
Mageia
Mageia
•added 2013/12/12 10:24 p.m.•39 views

Updated flash-player-plugin package fixes vulnerabilities

Adobe Flash Player 11.2.202.332 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to...

9.3CVSS3.1AI score0.72495EPSS
Exploits7References2
Mageia
Mageia
•added 2013/12/12 10:22 p.m.•32 views

Updated samba package fixes multiple vulnerabilities

Updated samba packages fix security vulnerabilities: Samba before 3.6.22 incorrectly allows login from authenticated users if the requiremembershipof parameter of pamwinbind specifies only invalid group names CVE-2012-6150. It was discovered that multiple buffer overflows in the processing of...

8.3CVSS4.9AI score0.0379EPSS
Exploits1References4
Mageia
Mageia
•added 2013/12/12 10:21 p.m.•43 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: Kevin Israel Wikipedia user PleaseStand identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist CVE-2013-4567, CVE-2013-4568. Internal review while debugging a site issue discovered that...

7.5CVSS2.1AI score0.02142EPSS
Exploits0References3
Mageia
Mageia
•added 2013/12/12 10:19 p.m.•27 views

Updated owncloud package fixes CVE-2013-6403

Updated owncloud package fixes security vulnerability: Possible security bypass on admin page under certain circumstances and MariaDB CVE-2013-6403. The owncloud package has been updated to version 5.0.13, fixing this and many other issues...

6.8CVSS5.4AI score0.02066EPSS
Exploits0References3
Total number of security vulnerabilities6009